win32:patched-ue

hi, first time here, only place that i can link to after i searched this virus. avast found 4 issues but would not let me do anything with them. then avast asked to do a boot scan and i could move all to chest except the win32…malwarebytes never picked up anything. if i type anything into search engine, the first page comes up but when i click on link it takes me to anywhere but where i want to go. i don’t know what to do. i have windows xp with service pack 3, i use mozilla firefox and outlook express. i need help. please…thank you, maggie

win32:patched is a detection in system files. You need Essexboy for this one…

Follow this guide from our expert malware remover Essexboy
http://forum.avast.com/index.php?topic=53253.0
(do not post logs in the guide)

To avoid using multiple posts with copy and paste you have to attach the logs
Lower left corner: Additional Options > Attach (OTL.Txt and Extras.Txt)

i have mbam log and otl logs. i do not know what to do next. i guess i should save them somewhere in case i lose them. was that supposed to fix the problem? thanks for any and all help. maggie

i have mbam log and otl logs.

attach mbam and OTL logs here

ok, here they are.

Essexboy is notified. He is usually in here from 8:00 PM to 11:59 PM UK time

OK you have some spare good copies so Combofix should be able to fix this

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

* Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

* Double click on ComboFix.exe & follow the prompts.

* As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it’s strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

* Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

here is the combofix log

OK this is becoming a real pain of an infection. Looks like a new cleaning routine needs to be devised

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

On the first tab select all elements down to Computer and then select start scan
Once it has finished select report and post that.

http://i1224.photobucket.com/albums/ee362/Essexboy3/avpfront.jpg

Do not close AVPTool or it will self uninstall, if it does uninstall - then just rerun the setup file on your desktop

Now an analysis scan

Select the Manual Disinfection tab
Press the Gather System Information button
Once done Open the last report saved folder then attach the zip file to your next post zip
The file is located at C:\Users\<your name>\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

http://i1224.photobucket.com/albums/ee362/Essexboy3/avpmanual.jpg

here the virus scan report, next i will do the manual scan. the virus scan would not let me repair some issues, only delete or ignore so i deleted. it also wants me to restart computer to finish disinfection.

i have the zip file but it will not let me attach in reply. the virus scan report will not leave desktop so i am going to reboot.

That’s right you can’t attach .zip files only .log or .txt files. There is no point in trying to change the file type to one of those as that will basically corrupt the file when it is saved for use in the forums.

You can use a file sharing service like Mediafire.com - Upload to http://www.mediafire.com/ and post the sharing link to the zip file in your next post.

well, i rebooted last night and now i am in a constant reboot loop. it does show the option for the windows recovery mode but i have to be quick to get it. then it asked me what i wanted to run, 1- c/windows or press enter to escape, pressed one and nothing really happened. i tried to run in safe mode and that wasn’t happening either. i am on my daughter’s laptop now and i am ready to throw mine away or try to get back to factory settings…maggie oh yes, i guess we can forget about attaching the zip file for now!

According to the AVP log it disinfected the file and did not delete it. OK, can you get to the recovery console command prompt?

If so download winlogon and explorer from my site to a USB drive

http://cid-32d8666f4048075b.office.live.com/self.aspx/Malware%20files/winlogon.exe

Then you will need to copy the files from the USB drive to c:\windows\system32\winlogon.exe and c:\windows\explorer.exe

so, the recovery console is the new option that comes up while starting computer that came with the combofix yesterday. it asks me what i want to run and the only option is c/:windows, so i press 1 and then i run your program from the usb?

Yes start the recovery console

Insert the USB
At the command prompt type map and press enter
This will list all the drives present on your system

Note the drive letter for your USB and insert it where I have the X

then type the following commands pressing enter after each

copy X:\explorer.exe c:\windows\explorer.exe
copy X:\winlogon.exe c:\windows\system32\winlogon.exe

After you press enter for each command it should come up with one file copied

When done reboot normally

ok, started computer, my choices are
1-microsoft windows recovery console
2-do not select this(debugger enabled)
3-microsoft windows xp home edition.

i select recovery and typed MAP, offers 4 drives, dvd,cdrom,c and a so chose a. after typing COPY(A):\EXPLORER.EXE C:\WINDOWS\EXPLORER.EXE PRESSED ENTER AND IT SAYS DOES NOT SUPPORT COMMAND, TYPE HELP FOR LIST OF COMMANDS.

COPY(A):\EXPLORER.EXE C:\WINDOWS\EXPLORER.EXE

This command should be written

COPY A:\EXPLORER.EXE C:\WINDOWS\EXPLORER.EXE

it keeps saying “the system cannot find the file specified”
i downloaded the winlogon and explorer from the site to the usb stick and it says it is on there according to another computer.

Could you select the other drive and type dir /p
then see which one is your USB with the files on